b2evolution PHP Cross Reference Blogging Systems

Source: /htsrv/quick_upload.php - 348 lines - 9533 bytes - Summary - Text - Print

Description: This file implements the AJAX concurrent file uploader. This file is part of the evoCore framework - {@link http://evocore.net/}. See also {@link http://sourceforge.net/projects/evocms/}.

   1  <?php
   2  /**
   3   * This file implements the AJAX concurrent file uploader
   4   *
   5   * This file is part of the evoCore framework - {@link http://evocore.net/}
   6   * See also {@link http://sourceforge.net/projects/evocms/}.
   7   *
   8   * @copyright (c)2003-2014 by Francois Planque - {@link http://fplanque.com/}
   9   *
  10   * @license http://b2evolution.net/about/license.html GNU General Public License (GPL)
  11   *
  12   * @package htsrv
  13   *
  14   * {@internal Below is a list of authors who have contributed to design/coding of this file: }}
  15   * @author efy-asimo: Attila Simo.
  16   *
  17   * @version $Id: quick_upload.php 6136 2014-03-08 07:59:48Z manuel $
  18   */
  19  
  20  
  21  /**
  22   * Do the MAIN initializations:
  23   */
  24  
  25  
  26  /**
  27   * Handle file uploads via XMLHttpRequest
  28   */
  29  class qqUploadedFileXhr {
  30      /**
  31       * Save the file to the specified path
  32       * @return boolean TRUE on success
  33       */
  34      function save($path) {
  35          $input = fopen("php://input", "r");
  36          $temp = tmpfile();
  37          $realSize = stream_copy_to_stream($input, $temp);
  38          fclose($input);
  39  
  40          if ($realSize != $this->getSize()){
  41              return false;
  42          }
  43  
  44          $target = fopen($path, "w");
  45          fseek($temp, 0, SEEK_SET);
  46          stream_copy_to_stream($temp, $target);
  47          fclose($target);
  48  
  49          return true;
  50      }
  51  
  52  	function get_content()
  53      {
  54          $input = fopen("php://input", "rb");
  55          $temp = tmpfile();
  56          stream_copy_to_stream( $input, $temp );
  57          fclose( $input );
  58  
  59          fseek($temp, 0, SEEK_SET);
  60          $contents = '';
  61  
  62          load_funcs( 'tools/model/_system.funcs.php' );
  63          $memory_limit = system_check_memory_limit();
  64  
  65          while( ! feof( $temp ) )
  66          {
  67              $curr_mem_usage = memory_get_usage( true );
  68              if( ( $memory_limit - $curr_mem_usage ) < 8192 )
  69              { // Don't try to load the next portion of image into the memory because it would cause 'Allowed memory size exhausted' error
  70                  fclose( $temp );
  71                  return false;
  72              }
  73              $contents .= fread( $temp, 8192 );
  74          }
  75          fclose( $temp );
  76          return $contents;
  77      }
  78  
  79  
  80  
  81      function getName() {
  82          return $_GET['qqfile'];
  83      }
  84      function getSize() {
  85          if (isset($_SERVER["CONTENT_LENGTH"])){
  86              return (int)$_SERVER["CONTENT_LENGTH"];
  87          } else {
  88              throw new Exception('Getting content length is not supported.');
  89          }
  90      }
  91  }
  92  
  93  /**
  94   * Handle file uploads via regular form post (uses the $_FILES array)
  95   */
  96  class qqUploadedFileForm
  97  {
  98      /**
  99       * Save the file to the specified path
 100       * @return boolean TRUE on success
 101       */
 102      function save($path)
 103      {
 104          if( !move_uploaded_file($_FILES['qqfile']['tmp_name'], $path) )
 105          {
 106              return false;
 107          }
 108          return true;
 109      }
 110  
 111      function getName()
 112      {
 113          return $_FILES['qqfile']['name'];
 114      }
 115  
 116      function getSize()
 117      {
 118          return $_FILES['qqfile']['size'];
 119      }
 120  
 121  	function get_content()
 122      {
 123          $temp = fopen( $_FILES['qqfile']['tmp_name'], "rb" );
 124          fseek( $temp, 0, SEEK_SET );
 125          $contents = '';
 126  
 127          load_funcs( 'tools/model/_system.funcs.php' );
 128          $memory_limit = system_check_memory_limit();
 129  
 130          while( ! feof( $temp ) )
 131          {
 132              $curr_mem_usage = memory_get_usage( true );
 133              if( ( $memory_limit - $curr_mem_usage ) < 8192 )
 134              { // Don't try to load the next portion of image into the memory because it would cause 'Allowed memory size exhausted' error
 135                  fclose( $temp );
 136                  return false;
 137              }
 138              $contents .= fread( $temp, 8192 );
 139          }
 140  
 141          fclose( $temp );
 142          return $contents;
 143      }
 144  }
 145  
 146  
 147  function out_echo( $message ,$specialchars )
 148  {
 149      $message['text'] = base64_encode($message['text']);
 150      if( $specialchars == 1 )
 151      {
 152          $message['specialchars'] = 1;
 153          echo htmlspecialchars(evo_json_encode(array('success'=>$message)));
 154      }
 155      else
 156      {
 157          $message['specialchars'] = 0;
 158          echo (evo_json_encode(array('success'=>$message)));
 159      }
 160  
 161  }
 162  
 163  $specialchars = 0;
 164  if( isset($_FILES['qqfile']) )
 165  {
 166      $specialchars = 1;
 167  }
 168  
 169  $message = array();
 170  
 171  require_once dirname(__FILE__).'/../conf/_config.php';
 172  require_once $inc_path.'_main.inc.php';
 173  
 174  // Do not append Debuglog to response!
 175  $debug = false;
 176  
 177  // Do not append Debug JSlog to response!
 178  $debug_jslog = false;
 179  
 180  global $current_User;
 181  
 182  param( 'upload', 'boolean', true );
 183  param( 'root_and_path', 'string', true );
 184  
 185  // Check that this action request is not a CSRF hacked request:
 186  $Session->assert_received_crumb( 'file' );
 187  
 188  $upload_path = false;
 189  if( strpos( $root_and_path, '::' ) )
 190  {
 191      list( $root, $path ) = explode( '::', $root_and_path, 2 );
 192      $FileRootCache = & get_FileRootCache();
 193      $fm_FileRoot = $FileRootCache->get_by_ID( $root );
 194      $non_canonical_list_path = $fm_FileRoot->ads_path.$path;
 195      $upload_path = get_canonical_path( $non_canonical_list_path );
 196  }
 197  
 198  if( $upload_path === false )
 199  {
 200      $message['text'] = '<span class="result_error">Bad request. Unknown upload location!</span>'; // NO TRANS!!
 201      out_echo($message, $specialchars);
 202      exit();
 203  }
 204  
 205  if( $upload && ( !$current_User->check_perm( 'files', 'add', false, $fm_FileRoot ) ) )
 206  {
 207      $message['text'] = '<span class="result_error">'.T_( 'You don\'t have permission to upload on this file root.' ).'</span>';
 208      out_echo($message, $specialchars);
 209      exit();
 210  }
 211  
 212  if( $upload )
 213  {    // Create the object and assign property
 214  
 215      if( isset($_GET['qqfile']) )
 216      {
 217          $file = new qqUploadedFileXhr();
 218      }
 219      elseif( isset($_FILES['qqfile']) )
 220      {
 221          $file = new qqUploadedFileForm();
 222  
 223      }
 224      else
 225      {
 226          $file = false;
 227      }
 228  
 229      if( $Settings->get( 'upload_maxkb' ) && ( $file->getSize() > $Settings->get( 'upload_maxkb' )*1024 ) )
 230      {
 231          $message['text'] = '<span class="result_error">'.
 232          // fp>vitaliy : call function to make human readable sized in kB MB etc.
 233          sprintf( T_('The file is too large: %s but the maximum allowed is %s.'), bytesreadable($file->getSize()), bytesreadable($Settings->get( 'upload_maxkb' )*1024) )
 234          . '</span>';
 235          out_echo($message, $specialchars);
 236          exit();
 237      }
 238  
 239      $newName = $file->getName();
 240      $oldName = $newName;
 241      // validate file name
 242      if( $error_filename = process_filename( $newName ) )
 243      {    // Not a file name or not an allowed extension
 244          $message['text'] =  '<span class="result_error"> '.$error_filename.'</span>';
 245          out_echo($message, $specialchars);
 246          exit();
 247      }
 248  
 249      list( $newFile, $oldFile_thumb ) = check_file_exists( $fm_FileRoot, $path, $newName );
 250      $newName = $newFile->get('name');
 251  
 252      // If everything is ok, save the file somewhere
 253      $file_content = $file->get_content();
 254      if( $file_content === false )
 255      { // No memory enough to upload file
 256          $message['text'] = '<span class="result_error">'.T_( 'The server (PHP script) has not enough available memory to receive this large file!' ).'</span>';
 257          $message['status'] = 'error';
 258          out_echo($message, $specialchars);
 259          exit();
 260      }
 261      elseif( save_to_file( $file_content, $newFile->get_full_path(), 'wb' ) )
 262      {
 263          // Change to default chmod settings
 264          $newFile->chmod( NULL );
 265  
 266          // Refreshes file properties (type, size, perms...)
 267          $newFile->load_properties();
 268  
 269          // save file into the db
 270          $newFile->dbsave();
 271  
 272          // Prepare the uploaded file to the final format ( E.g. Resize and Rotate images )
 273          prepare_uploaded_files( array( $newFile ) );
 274  
 275          $message = '';
 276          if( ! empty($oldFile_thumb) )
 277          {
 278              $image_info = getimagesize( $newFile->get_full_path() );
 279              if( $image_info )
 280              {
 281                  $newFile_thumb = $newFile->get_preview_thumb( 'fulltype' );
 282              }
 283              else
 284              {
 285                  $newFile_thumb = $newFile->get_size_formatted();
 286              }
 287              $message = '<br />';
 288              $message .= sprintf( T_('%s was renamed to %s. Would you like to replace %s with the new version instead?'),
 289                                  '&laquo;'.$oldName.'&raquo;', '&laquo;'.$newName.'&raquo;', '&laquo;'.$oldName.'&raquo;' );
 290              $message .= '<div class="invalid" title="'.T_('File name changed.').'">';
 291              $message .= '<input type="radio" name="Renamed_'.$newFile->ID.'" value="Yes" id="Yes_'.$newFile->ID.'"/>';
 292              $message .= '<label for="Yes_'.$newFile->ID.'">';
 293              $message .= sprintf( T_("Replace the old version %s with the new version %s and keep old version as %s."), $oldFile_thumb, $newFile_thumb, $newName ).'</label><br />';
 294              $message .= '<input type="radio" name="Renamed_'.$newFile->ID.'" value="No" id="No_'.$newFile->ID.'" checked="checked"/>';
 295              $message .= '<label for="No_'.$newFile->ID.'">';
 296              $message .= sprintf( T_("Don't touch the old version and keep the new version as %s."), $newName ).'</label><br />';
 297              $message .= '</div>';
 298          }
 299  
 300          $warning = '';
 301          if( $Messages->count > 0 )
 302          { // Some errors/info messages can be created during prepare_uploaded_files()
 303              $warning .= $Messages->display( NULL, NULL, false );
 304          }
 305  
 306          if( !empty( $message ) )
 307          {
 308              $message .= '<input type="hidden" name="renamedFiles['.$newFile->ID.'][newName]" value="'.$newName.'" />' .
 309              '<input type="hidden" name="renamedFiles['.$newFile->ID.'][oldName]" value="'.$oldName.'" />';
 310              $message = array(
 311                      'text' => $message,
 312                      'warning' => $warning,
 313                      'status' => 'rename'
 314                  );
 315              out_echo($message, $specialchars);
 316              exit();
 317          }
 318          else
 319          {
 320              $image_info = getimagesize( $newFile->get_full_path() );
 321              if( $image_info )
 322              {
 323                  $newFile_thumb = $newFile->get_preview_thumb( 'fulltype' );
 324              }
 325              else
 326              {
 327                  $newFile_thumb = $newFile->get_size_formatted();
 328              }
 329  
 330              $message['text'] = "<span class=\"result_success\"> ".T_( 'OK' )." </span> $newFile_thumb ";
 331              $message['warning'] = $warning;
 332              out_echo($message, $specialchars);
 333              exit();
 334          }
 335  
 336      }
 337  
 338      $message['text'] = '<span class="result_error">'.T_( 'The file could not be saved!' ).'</span>';
 339      out_echo($message, $specialchars);
 340      exit();
 341  
 342  }
 343  
 344  $message['text'] =  '<span class="error">Invalid upload param</span>';
 345  out_echo($message, $specialchars);
 346  exit();
 347  
 348  ?>
